Lucene search

@huntrdevCVELIST:CVE-2022-0520

HistoryFeb 08, 2022 - 8:40 p.m.

CVE-2022-0520 Use After Free in radareorg/radare2

2022-02-0820:40:15

CWE-416

@huntrdev

www.cve.org

cve-2022-0520

radareorg/radare2

use after free

npm

radare2.js

security

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

45.4%

JSON

Use After Free in NPM radare2.js prior to 5.6.2.

CNA Affected

[
  {
    "product": "radareorg/radare2",
    "vendor": "radareorg",
    "versions": [
      {
        "lessThan": "5.6.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8

huntr.dev/bounties/ce13c371-e5ef-4993-97f3-3d33dcd943a6

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

45.4%

JSON

Related for CVELIST:CVE-2022-0520